Gartner’s report, GDPR Clarity: 19 Frequently Asked Questions Answered, predicts that by 25 May 2018, when the legal framework goes live, less than 50% of all organisations impacted by it will be fully compliant.
This prediction doesn’t seem to be too far from the truth, especially locally. Despite GDPR being a month away from full implementation, some South African businesses still remain unprepared for the possibility that they may need to comply with this piece of legislation if they do business with EU citizens or companies.
A 2017 study showed that as many as 89% of surveyed South African organisations had both personal and sensitive data contained in their e-mail systems. They therefore need to review and retool their handling of this data to ensure it is adequately protected.
Recently, the Mimecast Email Security Risk Assessment (Esra) showed that the current e-mail security systems of most organisations are failing to detect and act on thousands of attacks. With GDPR in effect, the exposure of personal information for any EU clients means a hefty fine with the potential to cripple an organisation, if not destroy it.
Legislation has outlined penalties for GDPR non-compliance as upwards of €20m, or 4% of the organisation’s yearly revenue, whichever is higher. Businesses that fall victim to cybercrime in the age of GDPR will not only have to deal with the fallout of a successfully executed attack, but severe financial punishments as well.
Five important things to keep in mind regarding GDPR compliance:
Currently, if a data breach occurs, an organisation will do its best to cover it, and, depending on the severity, keep it within the confines of the IT department. However, when GDPR is enacted, all hacks that compromise personal data of EU citizens must be reported to the supervisory authority within three days.
Finally, GDPR may not be relevant to South African businesses that don’t employ EU citizens or conduct business in the region, but it is still important for them to consider the requirements for maintaining data privacy as outlined by this regulation. PoPI will soon be enforced and other legislation may become more prevalent across all regions. As a South African business, it’s worth building for the future today, rather than waiting until it’s too late.